Episode 22
Jason Schaller, Anderson Zurmuehlen
“MSSP’s: The Wild, Wild West of Risk Assessment”


Jason is the Head of Security for Anderson Zurmuehlen and Accounting, Audit, and Technology firm based in Helena, Mo. His team focuses on security risk and incident prevention.
Today we discuss the importance of assessments in a vulnerability prevention program and the risks that early stage MSSP’s may opening themselves to if they are not regularly assessing risk.
About This Episode
Jason Schaller joins us in today’s episode to discuss the importantance of regular assesments and compliance reviews. Anderson Zurmuehlen started as a traiditional audit and accounting firm and ultimately added technology as a division of their business. Leveraging their existing relationships where trust was established it only made sense to move into IT where trust of private information is also required.
Jason is responsible for both internal security and serving as the vCISO for the AZTS technology clients. AZTS has built a strong advisory firm forcused on IT governance and performing audits like SOC2 and CMMC..
Jason tells us how there is a huge opportunities for MSP’s to provide security based resources to the small to mid-sized business community.Accountants have long been conversing with clients about risk management and in his role he is able to use that common language and extend it to IT.
We then discuss how many MSP’s are changing their models to MSSP, but most are falling short in the areas of governance and maintining security policy and controls. While tools are being brought in to support security the talent hasn’t often caught up to really identify vulnerabilities.
We talk about how the industry and how the MSSP community mirrors how the early days of the MSP world got started, a number of proven premium security players and a large numbers of upstarts that may not be qualifed (yet) to truly be an MSSP and opening up risk to themselves.
One of the biggest blackholes for many MSSP’s today is a proven incident repsonse team. Jason speaks of the key to mitigating that risk is having a good front end and build a quality prevention program.
We close with that MSP’s that are unsure if they are conducting asesments and evaluating risk prevention appropriately they can engage Jason and his firm by visiting Anderson Zurmuehlen and engaging with their firm.
Related Episodes
Brian Doyle, Why Strategic Account Management is Vital
Episode 35 Brian Doyle vCIOToolbox (and Co-Host) "Why Strategic Account Management is Vital to MSP Success - The vCIO Role" Brian Doyle, in addition to being the host of this podcast, is the CEO and Co-Founder of vCIOToolbox a Strategic Account Management...
Jesse Hill, Tier 3 IT Solutions, “Treat your team well and good things happen”
Episode 34 Jesse Hill Tier 3 IT Solutions "Treat your team well and good things will happen" Jesse is the second generation operating Tier 3 helping take it from a retail break-fix company to a Managed Service focused machine.Hosts Brian Doyle Tim McNeil Robb...
Abe Garver, Focus Investment Banking “What MSP’s can do to prepare for M&A in 2021”
Episode 33 Abe GarverFocus Investment Banking "What MSP's can do to prepare for M&A in 2021" Abe Garver and Focus Investment Banking are Merger and Acquisition specialists focusing on the small to mid-market Managed Service Providers with transaction sizes...